Skip to main content
CVE-2023-1080 MEDIUM POC THREAT This Month

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

XSS WordPress Gn Publisher
NVD VulDB
CVSS 3.1
6.1
EPSS
34.0%
CVE-2023-27372 CRITICAL POC PATCH THREAT Act Now

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Spip Debian Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2023-1100 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Catering Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25266 HIGH POC This Week

An issue was discovered in Docmosis Tornado prior to version 2.9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Tornado
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-20937 HIGH POC PATCH This Week

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Google Use After Free Privilege Escalation Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26256 HIGH POC THREAT This Week

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Stagil Navigation
NVD GitHub
CVSS 3.1
7.5
EPSS
11.6%
CVE-2023-26255 HIGH POC THREAT This Week

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Stagil Navigation
NVD GitHub
CVSS 3.1
7.5
EPSS
47.9%
CVE-2023-25265 HIGH POC This Week

Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tornado
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-25264 HIGH POC This Week

An issue was discovered in Docmosis Tornado prior to version 2.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tornado
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26105 HIGH POC This Week

All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Utilities
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-27320 HIGH POC This Week

Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo Fedora
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-25432 HIGH POC This Week

An issue was discovered in Online Reviewer Management System v1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Reviewer Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-27293 MEDIUM POC This Month

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27371 MEDIUM POC PATCH This Month

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service Libmicrohttpd
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2023-1099 CRITICAL Act Now

A vulnerability was found in SourceCodester Online Student Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Student Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20946 CRITICAL PATCH Act Now

In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0511 CRITICAL Act Now

Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Authentication Bypass Java Policy Agents
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-0339 CRITICAL Act Now

Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass.10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Web Policy Agents
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27295 MEDIUM POC This Month

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Opencats
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27294 MEDIUM POC This Month

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-27292 MEDIUM POC This Month

An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Opencats
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-25807 MEDIUM POC PATCH This Month

DataEase is an open source data visualization and analysis tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dataease
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25431 MEDIUM POC This Month

An issue was discovered in Online Reviewer Management System v1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Reviewer Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-24419 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Formidable Form Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1017 HIGH This Week

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Trusted Platform Module +11
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-20945 HIGH PATCH This Week

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20944 HIGH PATCH This Week

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Google Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20943 HIGH PATCH This Week

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20940 HIGH PATCH This Week

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Jwt Attack Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20939 HIGH PATCH This Week

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20938 HIGH PATCH This Week

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-20934 HIGH PATCH This Week

In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20933 HIGH PATCH This Week

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0461 HIGH PATCH This Week

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-22995 HIGH PATCH This Week

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23689 HIGH PATCH This Week

Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell A200 Firmware A2000 Firmware H400 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20948 HIGH PATCH This Week

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25540 HIGH PATCH This Week

Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-20857 MEDIUM This Month

VMware Workspace ONE Content contains a passcode bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Workspace One Content
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-25575 MEDIUM PATCH This Month

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Core
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1095 MEDIUM PATCH This Month

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22999 MEDIUM PATCH This Month

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22998 MEDIUM PATCH This Month

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22997 MEDIUM PATCH This Month

In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22996 MEDIUM PATCH This Month

In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1018 MEDIUM This Month

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Trusted Platform Module Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
5.6%
CVE-2023-1023 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-1022 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google WordPress Wp Meta Seo
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-23983 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Responsive Vertical Icon Menu
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-1065 MEDIUM PATCH This Month

This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Kubernetes Monitor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy